making a Debian Live CD for managing GnuPG master key and smartcards

flapflap flapflap at
Wed Apr 27 13:35:17 CEST 2016

> [0] is a How-To for creating an OpenPGP keypair for use with GnuPG on
> an airgapped system (using Tails) and exporting the subkeys for
> day-to-day use. There is a link [1] to a second guide to export the
> subkeys to an OpenPGP smartcard.

I was also about to suggest Tails, so thanks for doing that for me :)

Daniel Pocock:
> The benefit is that everything on the CD is self-contained, it can't be
> tampered with, it can run without network support in the kernel and the
> workflow would be controlled by a script.  All the details, including
> workflow, are described in a wiki[2]

Tails can be instructed in the Tails Greeter to disable all network
access [0].

As far as I understand it, Tails unconditionally blacklists the drivers
of all network devices [1].  If network access is enabled in the
Greeter, the blacklist is deleted [2] and the related services are
restarted; if network access is not enabled, the blacklist stays in place.

Yet, Tails might not be what you want because you have a different usage
pattern and threat model in mind.  For instance, Tails ships non-free
software (and isn't happy about that) but needs to balance with the
possibility to run on almost every device a non-technically-savvy user
wants it to boot from (which might not be the case for your use case).
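
An added example, not part of the original message and not code from Tails or from the Live CD project: a pre-flight check that a key-management script could run to confirm that no network interface other than loopback exists before it touches the master key. The function names and the directory argument are hypothetical; the argument exists only so the check can be tried against a constructed directory tree instead of the real /sys/class/net.

```shell
#!/bin/sh
# Added example: air-gap pre-flight check for an offline GnuPG session.
# It inspects sysfs only; it does not read or depend on any
# distribution-specific blacklist file.

# Print every network interface other than loopback, one per line.
# $1 (hypothetical, optional): directory to inspect, default /sys/class/net.
list_non_loopback() {
    net_dir="${1:-/sys/class/net}"
    for path in "$net_dir"/*; do
        # Skips an unmatched glob (empty directory) and plain files such
        # as bonding_masters, which are not interfaces.
        [ -d "$path" ] || continue
        name=$(basename "$path")
        [ "$name" = "lo" ] && continue
        printf '%s\n' "$name"
    done
}

# Return 0 when only loopback (or nothing) is present, 1 otherwise.
airgap_ok() {
    found=$(list_non_loopback "$1")
    if [ -n "$found" ]; then
        printf 'network interfaces present, refusing to continue:\n%s\n' \
            "$found" >&2
        return 1
    fi
    return 0
}

# Intended use at the top of the workflow script:
#   airgap_ok || exit 1
```

An interface appears in sysfs only once a driver has bound to the device, so an empty result is consistent with the network drivers being blacklisted or absent from the kernel; it says nothing about removable hardware plugged in later, so the check belongs immediately before each sensitive step.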

